G
Guest
A customer brought in an XP Home SP2 machine that was heavily infected with
viruses and scumware. After removing all of it (Norton AV, MS Antispy,
Adaware, Spybot, and Spysweeper all say it is now clean). Hijackthis tends
to confirm this, with all BHOs gone. It now runs quite well, except for IE.
IE 6 will not run at all, except in a special instance. More on that later.
If you try to launch it (homepage = www.msn.com, also tried www.cnn.com), you
get the Internet Explorer has encountered an error... message. Event log
shows "faulting application iexplore.exe version 6.0.2900.2180, faulting
module kernel32.dll version 5.1.2600.2180.
Just to be sure, 3rd party browser extensions are disabled in Internet
Properties - Advanced. The special instance where it actually will launch is
when it is launched by Spysweeper after an install or uninstall, taking you
to Webroot's web page. If you then try to go to any other site, it crashes
the same.
An older version of McAfee antivirus was apparently ineffective at
preventing infection and does not run properly, but since, in their infinite
wisdom, they rely on IE to uninstall, it won't (IE script errors). Sweet.
Unlike Norton, they don't offer nifty little uninstall utilities for such
cases. I am hesitant to wade through the registry as you never know for sure
that you've gotten all the vxds and dlls, and I've seen some strange things
happen when orphans are still active.
Another issue that I thought may have been contributing was that the .net
installation was hammered. After getting past the famous "can't uninstall
because XP thinks it is not installed/can't install because it is already
installed" issue, I got it installed, but it got me wondering if .net
interaction with IE is at the root of this.
Since the online virus scanners seem to require IE/ActiveX to run, I haven't
done any additional scanning for viruses, but it seems to run great and surfs
fine with Firefox.
Since it is running XP SP2, you can't use the trick anymore of setting
ActiveSetup isinstalled = 0 to force a reinstall of IE 6, so I did try a
reinstall of SP2, to no avail.
Any ideas?
viruses and scumware. After removing all of it (Norton AV, MS Antispy,
Adaware, Spybot, and Spysweeper all say it is now clean). Hijackthis tends
to confirm this, with all BHOs gone. It now runs quite well, except for IE.
IE 6 will not run at all, except in a special instance. More on that later.
If you try to launch it (homepage = www.msn.com, also tried www.cnn.com), you
get the Internet Explorer has encountered an error... message. Event log
shows "faulting application iexplore.exe version 6.0.2900.2180, faulting
module kernel32.dll version 5.1.2600.2180.
Just to be sure, 3rd party browser extensions are disabled in Internet
Properties - Advanced. The special instance where it actually will launch is
when it is launched by Spysweeper after an install or uninstall, taking you
to Webroot's web page. If you then try to go to any other site, it crashes
the same.
An older version of McAfee antivirus was apparently ineffective at
preventing infection and does not run properly, but since, in their infinite
wisdom, they rely on IE to uninstall, it won't (IE script errors). Sweet.
Unlike Norton, they don't offer nifty little uninstall utilities for such
cases. I am hesitant to wade through the registry as you never know for sure
that you've gotten all the vxds and dlls, and I've seen some strange things
happen when orphans are still active.
Another issue that I thought may have been contributing was that the .net
installation was hammered. After getting past the famous "can't uninstall
because XP thinks it is not installed/can't install because it is already
installed" issue, I got it installed, but it got me wondering if .net
interaction with IE is at the root of this.
Since the online virus scanners seem to require IE/ActiveX to run, I haven't
done any additional scanning for viruses, but it seems to run great and surfs
fine with Firefox.
Since it is running XP SP2, you can't use the trick anymore of setting
ActiveSetup isinstalled = 0 to force a reinstall of IE 6, so I did try a
reinstall of SP2, to no avail.
Any ideas?